
1 [Introduction to Firewalls]

A firewall is the barrier between a trusted and an untrusted network, most often placed between your
LAN and WAN. It sits in the forwarding path so that every packet crossing between the two networks has
to pass through it, where it is either permitted or dropped.

Stateful Filtering
Firewalls, like routers, can use access-lists to check source and/or destination addresses and port
numbers. Most routers, however, don't spend much time on filtering: when they receive a packet they
check whether it matches an entry in the access-list and, if so, permit or drop the packet. That's it.
Each packet is judged on its own, with no memory of the packets before it; this is stateless filtering.

Firewalls, on the other hand, use stateful filtering. They keep a connection table of all incoming and
outgoing connections and judge each packet against it. Here are some examples:

• A computer on the LAN uses its email client to connect to a mail server on the Internet.
The client starts the connection with a TCP three-way handshake, which the firewall sees. The
firewall records this connection and, when the mail server responds, automatically permits the
return traffic to the client, even though no rule explicitly allows traffic from the Internet
to that client.
• A web server is sitting behind a firewall; it's a busy server that accepts an average of 20
new TCP connections per second from different IP addresses. Because the firewall tracks every
connection, it can also count new connections per source: once it sees a source IP address
requesting more than 10 new TCP connections per second, it drops further traffic from that
source, limiting the effect of a DoS (Denial of Service) attempt on the server.
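The two examples above, modelled in Python as an added example (this code is not from the original page). It contrasts a stateless access-list, which drops the mail server's SYN-ACK because no rule matches it, with a connection table that permits the reply, and applies the 10-new-connections-per-second limit from the text to a single Internet source. All addresses, ports and the packet sequence are constructed, and the TCP state machine is deliberately simplified (a FIN forgets the connection at once; a real firewall also ages out idle entries):

```python
"""Stateless access-list versus stateful connection tracking, modelled in Python.

Added example, not from the original page. Addresses, ports and the packet
sequence are constructed; the 10-connections-per-second limit follows the text.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

WEB_SERVER = "203.0.113.10"   # constructed: public web server behind the firewall


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags as letters: S = SYN, A = ACK, F = FIN
    t: float     # arrival time in seconds


def acl_permits(pkt: Packet) -> bool:
    """Stateless rule set: hosts on the LAN (10.0.0.0/8) may open any session
    outbound, and anyone may open TCP/80 to the web server. Each packet is judged
    alone, so a reply from the Internet (source not 10.x) is dropped even when a
    LAN client asked for it."""
    if pkt.src.startswith("10."):
        return True
    return pkt.dst == WEB_SERVER and pkt.dport == 80


class StatefulFirewall:
    """Admits new connections by the ACL, then remembers them so their return
    traffic is allowed; also limits new connections per source per second."""

    def __init__(self, max_new_per_sec: int = 10):
        self.conns = set()                        # tracked (src, sport, dst, dport)
        self.max_new_per_sec = max_new_per_sec
        self.recent_syns = defaultdict(deque)     # src -> times of recent new connections
        self.blocked = set()                      # sources that exceeded the limit

    def filter(self, pkt: Packet) -> str:
        if pkt.src in self.blocked:
            return "drop (source blocked)"
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.conns or rev in self.conns:
            if "F" in pkt.flags:                  # simplified teardown: forget the connection
                self.conns.discard(fwd)
                self.conns.discard(rev)
            return "permit (established)"
        if pkt.flags != "S" or not acl_permits(pkt):
            return "drop (no state, no rule)"
        window = self.recent_syns[pkt.src]
        window.append(pkt.t)
        while window and pkt.t - window[0] >= 1.0:   # keep only the last second
            window.popleft()
        if len(window) > self.max_new_per_sec:
            self.blocked.add(pkt.src)
            return "drop (rate limit)"
        self.conns.add(fwd)
        return "permit (new connection)"


def demo() -> dict:
    """Run the two scenarios from the text and return the verdicts."""
    fw = StatefulFirewall(max_new_per_sec=10)
    client, mail = ("10.0.0.5", 50000), ("198.51.100.25", 25)
    syn = Packet(*client, *mail, "S", 0.00)       # client -> mail server
    synack = Packet(*mail, *client, "SA", 0.01)   # mail server -> client
    ack = Packet(*client, *mail, "A", 0.02)
    result = {
        # stateless: the SYN-ACK reply matches no rule, so it would be dropped
        "stateless_synack": acl_permits(synack),
        # stateful: the SYN created state, so the reply and the ACK are permitted
        "stateful_handshake": [fw.filter(p) for p in (syn, synack, ack)],
    }
    # Scenario 2: one Internet host opens 11 connections to the web server in 0.4 s.
    scanner = "198.51.100.7"
    floods = [Packet(scanner, 40000 + i, WEB_SERVER, 80, "S", i * 0.04) for i in range(11)]
    result["flood"] = [fw.filter(p) for p in floods]
    result["scanner_blocked"] = scanner in fw.blocked
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The first ten SYNs from the flooding host are admitted and the eleventh trips the limit; from then on every packet from that source is dropped, which is the behaviour the second bullet describes.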

Packet Inspection
Most firewalls support some form of (deep) packet inspection. Simple access-lists only check
source/destination addresses and ports, which is layer 3 and 4 of the OSI model. Packet inspection
means the firewall also looks into the application data, up to layer 7 of the OSI model.

Here are some examples:

• Instead of blocking all IP addresses that belong to lolcats.com, you can create a filter that
looks for the host name and URI in HTTP requests and blocks those instead. You won't have to worry
about IP addresses of web servers that might change in the future. This only works on traffic the
firewall can read: with HTTPS the URI is inside the encrypted TLS payload, so the firewall sees at
most the server name in the TLS handshake unless it decrypts the session.
• Your firewall can check the payload to block packets that contain known worms or
viruses, by matching the payload against a database of signatures.
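Both layer-7 checks above, modelled in Python as an added example (not code from the original page). The filter parses a plain-text HTTP request, blocks by host name rather than by server address, and scans the payload for a known byte pattern. The domain is the one from the text; the requests, the "worm" signature and the TLS bytes are constructed stand-ins, not real indicators:

```python
"""Layer-7 inspection modelled in Python: block HTTP requests by host name instead
of by server address, and scan the payload for a known byte signature.

Added example, not from the original page. The requests, the signature and the
TLS bytes below are constructed, not real indicators of compromise.
"""

BLOCKED_HOSTS = {"lolcats.com"}

# Constructed signature standing in for a pattern a vendor feed would supply.
SIGNATURES = {b"\x90\x90\x90\x90\xcc\xcc": "example-worm"}


def parse_http_request(payload: bytes):
    """Return (method, uri, host) for a plain-text HTTP/1.x request, else None."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    try:
        lines = head.decode("ascii").split("\r\n")
        method, uri, version = lines[0].split(" ")
    except (UnicodeDecodeError, ValueError):
        return None                      # binary or non-HTTP data, e.g. a TLS record
    if not version.startswith("HTTP/1."):
        return None
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().split(":")[0].lower()   # drop an explicit :port
    return method, uri, host


def host_blocked(host: str) -> bool:
    """Match the listed domain and its subdomains only; a bare endswith("lolcats.com")
    would also block look-alikes such as notlolcats.com."""
    return any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS)


def inspect(payload: bytes) -> str:
    """Verdict for one application payload."""
    for sig, name in SIGNATURES.items():
        if sig in payload:
            return f"drop (signature {name})"
    req = parse_http_request(payload)
    if req is not None:
        _method, uri, host = req
        if host_blocked(host):
            return f"drop (blocked host {host}{uri})"
    return "permit"


def demo() -> dict:
    def req(host, path="/"):
        return f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()

    return {
        "lolcats": inspect(req("lolcats.com", "/cats.gif")),
        "subdomain": inspect(req("cdn.lolcats.com")),
        "lookalike": inspect(req("notlolcats.com")),
        "other_site": inspect(req("example.org")),
        "worm": inspect(b"POST /up HTTP/1.1\r\nHost: example.org\r\n\r\n"
                        + b"\x90\x90\x90\x90\xcc\xcc"),
        # Constructed TLS ClientHello bytes: the URI is encrypted, so nothing to match.
        "https": inspect(b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03" + b"\x00" * 32),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The last case is the caveat from the text in code: the TLS record is not parseable as HTTP, so the host-name filter never fires, and the only way to apply it to HTTPS is to decrypt the session or fall back to the server name in the handshake.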

Security Zones

The figure above shows a firewall with two security zones:

• INSIDE: this is our LAN
• OUTSIDE: this is our WAN

Each interface has been assigned to its security zone, and each zone carries a security level (on a
Cisco ASA a number from 0 to 100; INSIDE is conventionally 100 and OUTSIDE 0). The zones follow two
simple rules for new connections:

• Traffic from a "high" security level to a "lower" security level is permitted.
• Traffic from a "low" security level to a "higher" security level is denied.

Return traffic for a connection that was permitted in the high-to-low direction is still allowed,
because the stateful inspection described earlier recognizes it as part of an existing connection.

If you want to make an exception and permit traffic from the WAN to the LAN, this is accomplished
with an access-list applied to the OUTSIDE interface that permits exactly that traffic.

Most companies have one or more servers that should be reachable from the Internet, perhaps a mail
or web server. Instead of placing these on the INSIDE, we use a third zone called the DMZ
(Demilitarized Zone). Take a look at the picture below:

The DMZ security zone has a security level in between the INSIDE and OUTSIDE. For new connections this
means that:

• Traffic from INSIDE to OUTSIDE is permitted.
• Traffic from INSIDE to DMZ is permitted.
• Traffic from DMZ to OUTSIDE is permitted.
• Traffic from DMZ to INSIDE is denied.
• Traffic from OUTSIDE to DMZ is denied.
• Traffic from OUTSIDE to INSIDE is denied.

To let traffic from the OUTSIDE reach the servers in the DMZ, we use an access-list that only permits
traffic to the IP addresses (and port numbers) that the servers in the DMZ use. This setup contains
the damage if one of your servers in the DMZ gets hacked: the attacker cannot open connections toward
the INSIDE network, because DMZ-to-INSIDE traffic is denied by default. Every exception you add (for
example a DMZ web server that must reach a database on the INSIDE) is a path the attacker on that
server can also use, so keep such rules limited to the exact source, destination and port needed.
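The three-zone policy above, modelled in Python as an added example (not code from the original page). It applies the two level rules, grants the OUTSIDE-to-DMZ exceptions through an access-list on the ingress interface, and shows what a compromised DMZ web server can and cannot reach, with and without a deliberate DMZ-to-INSIDE database exception. Zone names and rules follow the text; the levels mirror the Cisco ASA convention (INSIDE 100, OUTSIDE 0, DMZ in between); the addresses, server roles and access-list entries are constructed:

```python
"""Security zones modelled in Python: each interface has a security level, sessions
may be initiated from a higher level to a lower one, and the only way from a lower
level to a higher one is an explicit access-list entry on the ingress interface.

Added example, not from the original page. Addresses, server roles and access-list
entries are constructed; levels follow the Cisco ASA convention.
"""

SECURITY_LEVEL = {"INSIDE": 100, "DMZ": 50, "OUTSIDE": 0}

# Which zone (interface) an address lives behind; anything else is OUTSIDE. Constructed.
ZONE_PREFIXES = [("10.", "INSIDE"), ("172.16.", "DMZ")]

WEB = "172.16.0.10"    # DMZ web server
MAIL = "172.16.0.25"   # DMZ mail server
DB = "10.0.0.30"       # INSIDE database the web server needs (second policy only)

# Access-list entries applied inbound on an interface, keyed by zone: {(dst_ip, dst_port)}.
ACL_BASE = {
    "OUTSIDE": {(WEB, 80), (WEB, 443), (MAIL, 25)},
}
# Same policy plus one deliberate, narrow exception: only the web server, only to the DB port.
ACL_WITH_DB_EXCEPTION = {
    "OUTSIDE": ACL_BASE["OUTSIDE"],
    "DMZ": {(DB, 5432)},
}


def zone_of(ip: str) -> str:
    for prefix, zone in ZONE_PREFIXES:
        if ip.startswith(prefix):
            return zone
    return "OUTSIDE"


def permit_new_connection(src_ip: str, dst_ip: str, dport: int, acl=ACL_BASE):
    """Decide whether a NEW connection may be initiated. Return traffic of a permitted
    connection is handled by stateful inspection, not by these rules."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return True, "same zone (not filtered here)"
    if SECURITY_LEVEL[src_zone] > SECURITY_LEVEL[dst_zone]:
        return True, f"{src_zone} -> {dst_zone}: higher to lower, permitted by default"
    if (dst_ip, dport) in acl.get(src_zone, set()):
        return True, f"{src_zone} -> {dst_zone}: permitted by access-list on {src_zone}"
    return False, f"{src_zone} -> {dst_zone}: lower to higher, denied by default"


def demo(acl=ACL_BASE) -> dict:
    """Evaluate the six rules from the text plus a compromised-DMZ-server pivot attempt."""
    cases = {
        "inside_to_outside": ("10.0.0.5", "198.51.100.80", 443),
        "inside_to_dmz": ("10.0.0.5", WEB, 22),
        "dmz_to_outside": (WEB, "198.51.100.53", 53),
        "outside_to_web80": ("198.51.100.7", WEB, 80),
        "outside_to_web22": ("198.51.100.7", WEB, 22),
        "outside_to_inside": ("198.51.100.7", "10.0.0.5", 445),
        # an attacker on the DMZ web server trying to pivot into the LAN
        "dmz_to_inside_smb": (WEB, "10.0.0.20", 445),
        "dmz_to_inside_db": (WEB, DB, 5432),
    }
    return {name: permit_new_connection(*args, acl=acl)[0] for name, args in cases.items()}


if __name__ == "__main__":
    for name, allowed in demo(ACL_WITH_DB_EXCEPTION).items():
        print(f"{name:20s} {'permit' if allowed else 'deny'}")
```

With the base policy nothing initiated from the DMZ reaches the INSIDE; with the database exception only WEB to DB on 5432 opens up and the SMB pivot attempt is still denied. One caveat for real hardware: on a Cisco ASA, applying an access-list to an interface replaces the security-level default for that interface, so everything not explicitly permitted in the list is then denied, including traffic that the higher-to-lower rule used to allow. The list on the DMZ interface would therefore also have to permit the DMZ-to-OUTSIDE traffic the servers need.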

Intrusion Detection Systems (IDS)

An IDS analyzes and monitors network traffic for signs that attackers are using a known cyber
threat to infiltrate your network or steal data from it. It compares current network activity
against a database of known threats (signatures) to detect several kinds of behavior, such as
security policy violations, malware, and port scans. An IDS is passive: it typically receives a copy
of the traffic from a SPAN port or network tap and raises alerts, but it does not block anything
itself.

Intrusion Prevention Systems (IPS)

An IPS lives in the same area of the network as a firewall, inline between the outside world and
the internal network. Because it sits in the forwarding path, it can proactively drop network
traffic that its security profile identifies as a known security threat, rather than only alerting.
The price of being inline is that a false positive blocks legitimate traffic, and the device adds
latency and another failure point to the path.
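The difference between the two systems, shown on the port-scan behavior the IDS paragraph mentions. This is an added example in Python, not code from the original page: the same detector (too many distinct destination ports from one source within a time window) runs in passive IDS mode, where it can only alert and every packet has already been forwarded, and in inline IPS mode, where the same match becomes a drop. The connection log, thresholds and window are constructed:

```python
"""Port-scan detection modelled in Python, run in IDS mode (passive, alert only)
and IPS mode (inline, drop).

Added example, not from the original page. The connection-attempt log, the
threshold of 5 distinct ports and the 10-second window are constructed choices.
"""
from collections import defaultdict, deque

# Constructed connection attempts: (time_s, src_ip, dst_ip, dst_port).
EVENTS = [
    (0.0, "10.0.0.5", "172.16.0.10", 80),      # normal client: two ports
    (0.5, "10.0.0.5", "172.16.0.10", 443),
    (1.0, "198.51.100.7", "172.16.0.10", 22),  # scanner walks through ports
    (1.2, "198.51.100.7", "172.16.0.10", 23),
    (1.4, "198.51.100.7", "172.16.0.10", 25),
    (1.6, "198.51.100.7", "172.16.0.10", 80),
    (1.8, "198.51.100.7", "172.16.0.10", 443), # 5th distinct port: threshold reached
    (2.0, "198.51.100.7", "172.16.0.10", 445),
    (2.2, "198.51.100.7", "172.16.0.10", 3389),
    (30.0, "198.51.100.7", "172.16.0.10", 80), # window expired: looks normal again
]


class ScanDetector:
    """Flag a (src, dst) pair once it has touched `distinct_ports` different
    destination ports within `window` seconds."""

    def __init__(self, distinct_ports: int = 5, window: float = 10.0, inline: bool = False):
        self.distinct_ports = distinct_ports
        self.window = window
        self.inline = inline                  # False = IDS (alert only), True = IPS (drop)
        self.seen = defaultdict(deque)        # (src, dst) -> deque of (time, port)
        self.alerts = []

    def observe(self, t: float, src: str, dst: str, dport: int) -> str:
        q = self.seen[(src, dst)]
        q.append((t, dport))
        while q and t - q[0][0] > self.window:   # forget attempts outside the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= self.distinct_ports:
            self.alerts.append((t, src, dst, sorted(ports)))
            # An IDS sees a copy of the traffic: the packet is long gone, so it can
            # only alert. An IPS is inline and turns the same match into a drop.
            return "drop" if self.inline else "forward"
        return "forward"


def run(inline: bool) -> dict:
    det = ScanDetector(inline=inline)
    verdicts = [det.observe(*event) for event in EVENTS]
    return {
        "alerts": det.alerts,
        "dropped": verdicts.count("drop"),
        "forwarded": verdicts.count("forward"),
    }


if __name__ == "__main__":
    for mode, inline in (("IDS", False), ("IPS", True)):
        r = run(inline)
        print(f"{mode}: {len(r['alerts'])} alerts, {r['dropped']} dropped, {r['forwarded']} forwarded")
```

In IDS mode every one of the ten attempts is forwarded and three alerts are raised; in IPS mode the attempts at 1.8, 2.0 and 2.2 seconds are dropped instead. The last event shows the weakness of a fixed window: the same source, 30 seconds later, is below threshold again, which is why a scan spread out slowly enough evades this check and why real systems also keep per-source reputation or temporary blocks.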

Cisco Adaptive Security Appliance (Cisco ASA) Features


• Packet filtering
• Stateful filtering
• Routing support
• VPN support
• IPv6 support
• VPN load balancing
• Stateful failover
• Advanced Malware Protection (AMP)
• Modular Policy Framework (MPF)

Note
Some of the features described above are also available on routers. For example, Cisco IOS
routers support the reflexive access-list, which is a "poor man's" stateful firewall, and Cisco IOS
also supports the Zone-Based Firewall, which, as the name suggests, uses security zones. Dedicated
hardware firewalls, however, offer better network performance and throughput.
